CVE-2010-4514

Dotnetnuke - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Richard Brain · textwebappsasp

https://www.exploit-db.com/exploits/35045

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/files/view/96378/PR10-19.txt

Exploit x_refsource_misc

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19

Exploit vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024828

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42478

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45180

Scores

EPSS 0.0278

EPSS Percentile 86.1%

Details

CWE

CWE-79

Status published

Products (4)

dnnsoftware/dotnetnuke 5.05.01

dnnsoftware/dotnetnuke 5.06.00

dotnetnuke/dotnetnuke 5.05.01

dotnetnuke/dotnetnuke 5.06.00

Published Dec 09, 2010

Tracked Since Feb 18, 2026